7.6
CVE-2018-12173
- EPSS 0.04%
- Published 10.10.2018 18:29:04
- Last modified 21.11.2024 03:44:41
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Server Board S2600bp Firmware Version < 00.01.0014
Intel ≫ Server Board S2600wf Firmware Version < 00.01.0014
Intel ≫ Server Board S2600st Firmware Version < 00.01.0014
Intel ≫ Server Board S2600bpr Firmware Version < 00.01.0014
Intel ≫ Server Board S2600wfr Firmware Version < 00.01.0014
Intel ≫ Server Board S2600str Firmware Version < 00.01.0014
Intel ≫ Compute Module Hns2600bp Firmware Version < 00.01.0014
Intel ≫ Compute Module Hns2600bpr Firmware Version < 00.01.0014
Intel ≫ Server System R2000wf Firmware Version < 00.01.0014
Intel ≫ Server System R1000wf Firmware Version < 00.01.0014
Intel ≫ Server System R1000wfr Firmware Version < 00.01.0014
Intel ≫ Server System R2000wfr Firmware Version < 00.01.0014
Intel ≫ Server System H2000g Firmware Version < 00.01.0014
Intel ≫ Server System H2000gr Firmware Version < 00.01.0014
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.095 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 0.9 | 6 |
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.